Is that based in any way on the relative capabilities and security track records of OpenWRT and pfSense, or is a highly security-conscious userbase merely what's left for pfSense after eliminating anyone who wants good WiFi support and the ability to run on cheap commodity consumer appliances with tight memory and storage limits?
For obvious reasons (targeting embedded devices with limited flash) it's not the default, but for devices which can support it, HTTPS is easily enabled.
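    opkg install wget ca-bundle
    # Match the full "http://" scheme so feeds already on https:// are not turned into "httpss://"
    sed -i "s|http://|https://|" /etc/opkg/distfeeds.conf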
Done. And now packages have cryptographic signatures verified and are downloaded over HTTPS.
Asking as a curious OpenWRT devotee.
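The HTTPS feed switch described in the reply above, as an added example that is not part of the original thread: an idempotent rewrite of the feed list plus two checks that confirm the result. The function names are hypothetical, and the example assumes signature checking is controlled by an `option check_signature` line in `/etc/opkg.conf`.

```shell
#!/bin/sh
# Added example (not from the thread): audit and harden opkg feed settings.
# File paths are arguments so the functions can run against sample files.

# List "name url" for every active feed that still uses plain http://.
insecure_feeds() {
    # $1 = feeds file, e.g. /etc/opkg/distfeeds.conf
    awk '($1 == "src" || $1 == "src/gz") && index($3, "http://") == 1 {
             print $2 " " $3
         }' "$1"
}

# Succeed only if signature checking is switched on (assumed option name:
# "option check_signature", present and not commented out).
signatures_enforced() {
    # $1 = opkg config, e.g. /etc/opkg.conf
    grep -Eq '^[[:space:]]*option[[:space:]]+check_signature' "$1"
}

# Rewrite http:// feed URLs to https://. Only the URL field of active feed
# lines is touched, so comments and already-HTTPS feeds are left alone and
# running it twice changes nothing. The previous file is kept as "$1.bak".
force_https_feeds() {
    cp "$1" "$1.bak" || return 1
    awk '($1 == "src" || $1 == "src/gz") && index($3, "http://") == 1 {
             sub(/^http:/, "https:", $3)
         }
         { print }' "$1.bak" > "$1"
}

# Usage: script.sh /etc/opkg/distfeeds.conf /etc/opkg.conf  (report only)
if [ "$#" -eq 2 ]; then
    left=$(insecure_feeds "$1")
    if [ -n "$left" ]; then
        echo "plain-HTTP feeds:"
        echo "$left"
    else
        echo "all feeds use HTTPS"
    fi
    if signatures_enforced "$2"; then
        echo "signature checking: on"
    else
        echo "signature checking: OFF"
    fi
fi
```

Run `opkg update` after rewriting the feeds; a failure there usually means the installed `wget` lacks TLS support or the CA bundle is missing.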